Providing data protection to destination storage objects on remote arrays in response to assignment of data protection to corresponding source storage objects on local arrays

ABSTRACT

A data protection technique involves, based on a first set of policies on a first storage array, generating a second set of policies on a second storage array to track the first set. The first array maintains a first storage object, and the second array maintains a second storage object as a replica of the first storage object. The technique further includes detecting assignment of the first set of policies to the first storage object and, in response to such detection, assigning the second set of policies to the second storage object. Application of a set of storage policies to a storage object may be delayed if the storage object is a replication destination. A policy group may identify multiple data protection rules or policies, which may include a snapshot rule and/or replication rule, and a user may be prevented from directly making a rule modification to a policy group. An orphan policy group cleanup operation may be performed to delete orphan policy groups.

BACKGROUND

Data storage systems save host data within and retrieve host data fromlocal storage resources in response to write and read commands from hostcomputers. Examples of local storage resources include volumes which areaccessible via block-based operations and files which are accessible viafile-based operations. A data storage system may replicate a localstorage resource containing host data to another data storage system. Insuch a situation, if a host computer loses access to the data storagesystem having the local storage resource, the host computer can access areplicated storage resource containing the host data from the other datastorage system.

SUMMARY

Unfortunately, there are deficiencies to the above describedconventional data storage system that replicates a local storageresource to a remote data storage system. In particular, data protectionschemes that are performed on the local storage resource are notautomatically duplicated for the replicated storage resource on theremote data storage system.

For example, suppose that a human administrator manually customizes dataprotection for a particular production volume on a local data storagesystem. In particular, suppose that the human administrator enters acommand to configure the local data storage system to capture a snapshotof the production volume every 30 minutes and retain each snapshot for 2weeks. Additionally, suppose that the human administrator enters anothercommand to configure the local data storage system to replicate theparticular production volume to a replica volume on a remote datastorage system using a recovery point objective (RPO) of 10 minutes.

Now suppose that a failover event has occurred which causes a hostcomputer to write host data to and read host data from the replicavolume on the remote data storage rather than to/from the particularproduction volume on the local data storage system (e.g., plannedmaintenance in which the replication direction is reversed). In such asituation, the replica volume on the remote data storage system, whichis now being used as the source of production host data, does notreceive the same customized data protection for the particularproduction volume on the local data storage system. Moreover, if thehuman administrator wishes to provide the same customized dataprotection to the replica volume on the remote data storage system, thehuman administrator needs to manually customize the remote data storagesystem to provide the same data protection (e.g., by entering commandson the remote data storage system).

In contrast to the above-described conventional data storage systemwhich does not automatically duplicate data protection for a replicatedstorage resource on a remote data storage system, improved techniquesprovide automatic assignment of data protection policies (or rules),which are assigned to source storage objects on local data storagearrays, to corresponding destination storage objects on remote datastorage arrays (i.e., replicated storage objects). Accordingly, if thereis a failover event that causes a host computer to lose access to asource storage object on a local data storage array and to then accessthe corresponding destination storage object on a remote data storagearray as a new primary source of host data (e.g., after failover), thecorresponding destination storage object automatically receives the samedata protection level as the original source storage object. Suchtechniques not only remove the manual human administrator steps (e.g.,manually entering individual commands) to configure data protection onreplicated host data when the replicated host data becomes the newprimary source, but also allow the same levels of local and remote dataprotection to be provided to source and destination storage objects.

One embodiment is directed to a method of providing data protectionamong data storage arrays. The method includes, based on a first set ofdata protection policies on a first data storage array, generating, by apolicy engine, a second set of data protection policies on a second datastorage array to track the first set of data protection policies on thefirst data storage array. The first data storage array maintains a firststorage object. Additionally, the second data storage array maintains asecond storage object as a replica of the first storage objectmaintained by the first data storage array. The method further includesdetecting, by the policy engine, assignment of the first set of dataprotection policies to the first storage object maintained by the firstdata storage array. The first data storage array provides dataprotection to the first storage object in accordance with the first setof data protection policies in response to the assignment of the firstset of data protection policies to the first storage object. The methodfurther includes, in response to detecting the assignment of the firstset of data protection policies to the first storage object maintainedby the first data storage array, automatically assigning, by the policyengine, the second set of data protection policies to the second storageobject maintained by the second data storage array. The second datastorage array provides data protection to the second storage object inaccordance with the second set of data protection policies in responseto the automatic assignment of the second set of data protectionpolicies to the second storage object.

In some arrangements, each data storage array of the first data storagearray and the second data storage array is constructed and arranged to(i) apply a set of data protection policies to a storage objectmaintained by that data storage array when the set of data protectionpolicies is assigned to that storage object and when that storage objectis a replication source, and (ii) delay applying (or enforcing) the setof data protection policies to that storage object maintained by thatdata storage array when the set of data protection policies is assignedto that storage object and when that storage object is a replicationdestination. Additionally, the first storage object initially is areplication source, and the first data storage array applies the firstset of data protection policies to the first storage object inaccordance with the first set of data protection policies in response to(i) assignment of the first set of data protection policies to the firststorage object and (ii) the first storage object initially being areplication source. Furthermore, the second storage object initially isa replication destination. Also, automatically assigning the second setof data protection policies to the second storage object maintained bythe second data storage array includes delaying applying the second setof data protection policies to the second storage object maintained bythe second data storage array in response to (i) assignment of thesecond set of data protection policies to the second storage object and(ii) the second storage object initially being a replicationdestination.

In some arrangements, the first set of data protection policies includesa first policy group identifying multiple data protection rules.Additionally, generating the second set of data protection policies onthe second data storage array to track the first set of data protectionpolicies on the first data storage array includes forming, as at least aportion of the second set of data protection policies, a second policygroup based on the first policy group, the second policy groupidentifying the multiple data protection rules.

In some arrangements, during assignment of the first set of dataprotection policies to the first storage object, the policy enginegenerates a first data protection association having a first policygroup identifier that uniquely identifies the first policy group amongother policy groups and a first storage object identifier that uniquelyidentifies the first storage object among other storage objects. Thefirst data protection association is used by the data storage arrays tomanage data protection for the first storage object. Additionally,automatically assigning the second set of data protection policies tothe second storage object maintained by the second data storage arrayfurther includes generating a second data protection association havinga second policy group identifier that uniquely identifies the secondpolicy group among the other policy groups and a second storage objectidentifier that uniquely identifies the second storage object among theother storage objects, the second data protection association being usedby the data storage arrays to manage data protection for the secondstorage object.

In some arrangements, the first policy group identifies, as the multipledata protection rules, multiple snapshot rules, each of the multiplesnapshot rules specifying a different snapshot creation schedule toroutinely create snapshots of a storage object on a local data storagearray. Additionally, forming the second policy group based on the firstpolicy group includes configuring the second policy group to identifythe multiple snapshot rules identified by the first policy group.

In some arrangements, the first policy group identifies, as the multipledata protection rules, at least one snapshot rule and at least onereplication rule. Each snapshot rule identified by the first policygroup specifies a different snapshot creation schedule to routinelycreate snapshots of a storage object on a local data storage array. Eachreplication rule identified by the first policy group defines differentreplication criteria to replicate a storage object to a remote datastorage array. Additionally, forming the second policy group based onthe first policy group includes configuring the second policy group toidentify each snapshot rule and each replication rule identified by thefirst policy group.

In some arrangements, the method further includes detecting a dataprotection rule modification to the first policy group and, in responseto detecting the data protection rule modification to the first policygroup, making a corresponding data protection rule modification to thesecond policy group.

In some arrangements, making the corresponding data protection rulemodification to the second policy group includes changing at least onedata protection rule identified by the second policy group while thesecond policy group is assigned to the second storage object.

In some arrangements, making the corresponding data protection rulemodification to the second policy group includes changing at least onedata protection rule identified by the second policy group to match thedata protection rules identified by the second policy group with thedata protection rules identified by the first policy group.

In some arrangements, the first data storage array is constructed andarranged to process block-based input/output (I/O) requests on behalf ofa set of host computers. Additionally, the first storage object is afirst logical unit of storage (LUN) that stores host data based on theblock-based I/O requests. Furthermore, the second storage object is asecond LUN that stores host data based on the block-based I/O requests,the second LUN being different from the first LUN.

In some arrangements, the first data storage array is constructed andarranged to process file-based input/output (I/O) requests on behalf ofa set of host computers. Additionally, the first storage object is afirst file system that stores host data based on the file-based I/Orequests. Furthermore, the second storage object is a second file systemthat stores host data based on the file-based I/O requests, the secondfile system being different from the first file system.

In some arrangements, the first data storage array and the second datastorage array replicate data from the first storage object to the secondstorage object in accordance with the first policy group during a firsttime period. Additionally, the method further includes, during a secondtime period that is after the first time period, detecting that thesecond storage object has become the replication source and that thefirst storage object has become the replication destination.

In some arrangements, the method further includes, during the secondtime period and in response to detecting that (i) the second storageobject has become the replication source and (ii) the first storageobject has become the replication destination, automatically applyingthe second policy group to the second storage object, the first datastorage array and the second data storage array replicating data fromthe second storage object to the first storage object in response toapplying the second policy group to the second storage object.

In some arrangements, the policy engine configures metadata privilegesto allow a user to directly make a data protection rule modification tothe first policy group. Additionally, forming the second policy groupincludes configuring the metadata privileges to prevent a user fromdirectly making a data protection rule modification to the second policygroup.

In some arrangements, the method further includes, during a third timeperiod that is after the second time period, receiving a user command tomodify data protection imposed on the second storage object.Additionally, the method further includes, based on the metadataprivileges and the user command, (i) creating a third policy group thatincludes at least one data protection rule that is different from themultiple data protection rules identified by the second policy group,(ii) configuring the metadata privileges to allow a user to directlymake a data protection rule modification to the third policy group,(iii) terminating application of the second policy group to the secondstorage object, and (iv) applying the third policy group to the secondstorage object in place of the second policy group.

In some arrangements, the method further includes, periodicallyperforming an orphan policy group cleanup operation to delete orphanpolicy groups from one or more of the data storage arrays. The orphanpolicy group cleanup operation (i) identifies last update times for thefirst policy group and the second policy group and (ii) evaluateswhether to delete the first policy group and the second policy groupbased on the last update times as well as perhaps other criteria.

Another embodiment is directed to data storage equipment that includesmemory, and control circuitry coupled to the memory. The memory storesinstructions which, when carried out by the control circuitry (e.g., bythe control circuitry running or executing the instructions), cause thecontrol circuitry to:

-   -   (A) based on a first set of data protection policies on a first        data storage array, generate a second set of data protection        policies on a second data storage array to track the first set        of data protection policies on the first data storage array, the        first data storage array maintaining a first storage object, and        the second data storage array maintaining a second storage        object as a replica of the first storage object maintained by        the first data storage array;    -   (B) detect assignment of the first set of data protection        policies to the first storage object maintained by the first        data storage array, the first data storage array providing data        protection to the first storage object in accordance with the        first set of data protection policies in response to the        assignment of the first set of data protection policies to the        first storage object; and    -   (C) in response to detecting the assignment of the first set of        data protection policies to the first storage object maintained        by the first data storage array, automatically assign the second        set of data protection policies to the second storage object        maintained by the second data storage array, the second data        storage array providing data protection to the second storage        object in accordance with the second set of data protection        policies in response to the automatic assignment of the second        set of data protection policies to the second storage object.

Yet another embodiment is directed to a computer program product havinga non-transitory computer readable medium which stores a set ofinstructions to provide data protection among data storage arrays. Theset of instructions, when carried out by data storage equipment, causesthe data storage equipment to perform a method of:

-   -   (A) based on a first set of data protection policies on a first        data storage array, generating a second set of data protection        policies on a second data storage array to track the first set        of data protection policies on the first data storage array, the        first data storage array maintaining a first storage object, and        the second data storage array maintaining a second storage        object as a replica of the first storage object maintained by        the first data storage array;    -   (B) detecting assignment of the first set of data protection        policies to the first storage object maintained by the first        data storage array, the first data storage array providing data        protection to the first storage object in accordance with the        first set of data protection policies in response to assignment        of the first set of data protection policies to the first        storage object; and    -   (C) in response to detecting assignment of the first set of data        protection policies to the first storage object maintained by        the first data storage array, automatically assigning the second        set of data protection policies to the second storage object        maintained by the second data storage array, the second data        storage array providing data protection to the second storage        object in accordance with the second set of data protection        policies in response to automatic assignment of the second set        of data protection policies to the second storage object.

It should be understood that, in the cloud context, at least some ofelectronic circuitry is formed by remote computer resources distributedover a network. Such an electronic environment is capable of providingcertain advantages such as high availability and data protection,transparent operation and enhanced security, big data analysis, etc.

Other embodiments are directed to electronic systems and apparatus,processing circuits, computer program products, and so on. Someembodiments are directed to various methods, electronic components andcircuitry which are involved in providing data protection to destinationstorage objects on remote data storage arrays in response to assignmentof data protection to corresponding source storage objects on local datastorage arrays.

BRIEF DESCRIPTION OF THE DRAWINGS

The foregoing and other objects, features and advantages will beapparent from the following description of particular embodiments of thepresent disclosure, as illustrated in the accompanying drawings in whichlike reference characters refer to the same parts throughout thedifferent views. The drawings are not necessarily to scale, emphasisinstead being placed upon illustrating the principles of variousembodiments of the present disclosure.

FIG. 1 is a block diagram of a data storage environment which utilizesgroups of data protection policies that can be assigned to individualstorage objects.

FIG. 2 is a block diagram of certain data storage equipment of the datastorage environment of FIG. 1.

FIG. 3 is a block diagram illustrating particular policy group detailsof an example situation.

FIG. 4 is a block diagram illustrating further policy group details ofthe example situation.

FIG. 5 is a block diagram illustrating policy group details of theexample situation when a policy group is assigned to a new storageobject.

FIG. 6 is a block diagram illustrating policy group details of theexample situation when a modification is made to a policy group.

FIG. 7 is a flowchart of a procedure which is performed by the datastorage equipment of FIG. 2.

FIG. 8 is a block diagram illustrating particular details of areplication situation.

FIG. 9 is a block diagram illustrating further details of thereplication situation.

FIG. 10 is a block diagram illustrating particular details ofinformation which is managed by a policy engine.

FIG. 11 is a block diagram illustrating further details of thereplication situation.

FIG. 12 is a flowchart of another procedure which is performed by thedata storage equipment of FIG. 2.

FIG. 13 is a flowchart of yet another procedure which is performed bythe data storage equipment of FIG. 2.

DETAILED DESCRIPTION Overview

An improved technique is directed to providing automatic assignment of adata protection policy (or rule), which is assigned to a source storageobject on a local data storage array, to a corresponding destinationstorage object on a remote data storage array (i.e., a replica of thesource storage object). Accordingly, if there is a failover event thatcauses a host computer to lose access to the source storage object onthe local data storage array and subsequently access the correspondingdestination storage object on the remote data storage array as the newprimary source of host data (e.g., after failover), the correspondingdestination storage object automatically receives the same dataprotection as the original source storage object. Such a technique notonly removes the manual human administrator steps (e.g., manuallyentering individual commands) to configure data protection on thereplicated host data when the replicated host data becomes the newprimary source, but also allows the same levels of local and remote dataprotection to be provided to the source and destination storage objects.

FIG. 1 shows a data storage environment 20 having equipment thatutilizes groups of data protection policies that can be assigned toindividual storage objects. As will be explained in further detailshortly, the data storage environment 20 provides data protection to adestination storage object on a remote data storage array in response toassignment of data protection to a corresponding source storage objecton a local data storage array.

As shown in FIG. 1, the data storage environment 20 includes hostcomputers 22(1), 22(2), . . . (collectively, host computers 22), a localdata storage array 24(L) and a remote data storage array 24(R)(collectively, data storage arrays 24), other equipment 26, and acommunications medium 28.

Each host computer 22 is constructed and arranged to perform useful workwhile storing host data 30 within, and loading host data 30 from thedata storage arrays 24. For example, a host computer 22 may operate as aweb server, a database server, a file server, an email server, anenterprise server, and so on, which provides I/O requests (e.g., smallcomputer system interface or SCSI commands, file access commands,combinations thereof, etc.) to the data storage arrays 24 to store hostdata 30 in and read host data 30 from the data storage arrays 24.

Each data storage array 24 is constructed and arranged to perform datastorage operations on behalf of one or more of the host computers 22. Tothis end, each data storage array 24 includes storage processingcircuitry 40 to carry out the data storage operations, and physicalstorage devices 42 to store the host data 30 in a non-volatile orpersistent manner. The storage processing circuitry 40 may include oneor more physical storage processors, data movers, director boards,blades, I/O modules, storage drive controllers, switches, combinationsthereof, and so on. The physical storage devices 42 may include solidstate devices (SSDs), hard disk drives (HDDs), combinations thereof,etc.

As shown in FIG. 1, the local data storage array 24(L) includes storageprocessing circuitry 40(L) and storage devices 42(L). Likewise, theremote data storage array 24(R) includes storage processing circuitry40(R) and storage devices 42(R). It should be understood that the terms“local” and “remote” are provided to indicate that the different datastorage arrays 24(L), 24(R) are separated from each other and reside indifferent locations, e.g., on different electrical services, indifferent buildings, on different campuses, in different cities, indifferent states, on different coasts, etc.

The other equipment 26 represents other circuitry within the datastorage environment 20 such as user devices, monitoring/administrativecircuitry, appliances, other data storage arrays (e.g., downstreamreplication sites), and so on. Such other equipment 26 may or may not bepart of the critical data storage path.

The communications medium 28 is constructed and arranged to connect thevarious components of the data storage environment 20 together to enablethese components to exchange electronic signals 50 (e.g., see the doublearrow 50). At least a portion of the communications medium 28 isillustrated as a cloud to indicate that the communications medium 28 iscapable of having a variety of different topologies including backbone,hub-and-spoke, loop, irregular, combinations thereof, and so on.

Along these lines, the communications medium 28 may include copper-baseddata communications devices and cabling, fiber optic devices andcabling, wireless devices, combinations thereof, etc. Furthermore, thecommunications medium 28 is capable of supporting SAN-basedcommunications, LAN-based communications, cellular communications,combinations thereof, etc.

During operation, the storage processing circuitry 40 of each datastorage array 24 receives I/O requests from the host computers 22, andprocesses the I/O requests by storing host data 30 within the localstorage devices 42 of that data storage array 24 and loading host data30 from the local storage devices 42 of that data storage array 24 onbehalf of the host computers 22. It should be understood that thestorage devices 42 may be arranged in a variety of configurations torobustly and reliably store the host data 30 (e.g., as RAID groups,tiered storage, log-based storage, combinations thereof, etc.).Moreover, the data storage array 24 stores the host data 30 in one ormore storage objects such as volumes, logical units of storage (LUNs),consistency groups, virtual volumes, files, file systems, volumes withinfiles, file systems within volumes, combinations thereof, and so on.

Furthermore, the data storage arrays 24 may provide a variety of dataprotection services to prevent data loss. In particular, each datastorage array 24 supports snapshots for local data protection (e.g., toprotect against a corrupted data block or file) and replication forremote data protection (e.g., to protect against a larger loss such asloss of access to that data storage array 24). Other data protectionservices are suitable for use as well such as RAID, mirroring, localand/or remote backups, local and/or remote archiving, and so on.

The various data protection services are invocable via user entrance ofrespective data protection commands. Such a data protection command mayspecify an individual data protection service or a group of dataprotection services to be applied to a particular storage object.

In connection with snapshots, a user of a data storage array 24 maycreate one or more snapshot rules and apply each snapshot rule to astorage object. Snapshot rules are used for local data protection.Various types of snapshot rules may be supported such as “interval” or“time of day”. Other time criteria are suitable for use as well.

It should be understood that, to apply a particular snapshot rule to aparticular storage object, the data storage array 24 generates anassociation between the snapshot rule and the storage object. In somearrangements, the association includes a snapshot rule identifier thatuniquely identifies the snapshot rule among other snapshot rules, astorage object identifier that uniquely identifies the storage objectamong other storage objects, and code that specifies the particulardetails of the snapshot rule. Such an association may be implemented inthe form of a data structure, a database entry, an instance,combinations thereof, and so on.

Provided below is a suitable snapshot rule definition for each datastorage array 24. Included are snapshot rule properties and supportedsnapshot operations such as creation, modification, and deletion.

snap_rule_instance{ description: Snap rule instance. Id string example:a9c64b58-59a5-45cd-80ed- 92a4545fd080 Snapshot rule identifier. Namestring example: Hourly snap rule Snapshot rule name. IntervalSnapRuleIntervalEnuminteger example: 1 Interval between snaps, inminutes. Only one of interval and time_of_day can be set. Setting onewill unset the other. time_of_day string($timestamp) example: 13:30 Timeof the day to take a daily snap, with format “hh:mm” in 24 hour timeformat. Only one of interval and time_of_day can be set. days_of_weekDays of the week on which the rule should be applied. Applies only forrules where time_of_day is set. Only one of interval and time_of_day canbe set. DaysOfWeekEnumstring example: Sunday Days of the week. retentionInteger Acceptable snapshot retention period in days. list_of_policy_idsString that identifies each policy group that utilizes this rule }It should be understood that one or more of the properties and/oroperations may be hidden from the standard user (i.e., not exposed to oraccessible by the user) for simplification purposes. Furthermore,alternative formats, definitions, etc. are suitable for use as well.

In connection with replication, a user of a data storage array 24 maycreate one or more replication rules and apply each replication rule toa storage object. Replication rules are used for remote data protection.In particular, in response to each replication rule, the data storagearray 24 creates a replication session to replicate the storage objectto another data storage array 24 (e.g., the local data storage array24(L) may replicate host data to the remote data storage array 24(R)).In some arrangements, a replication session replicates at a regularfrequency both current data of a storage object as well as locallystored snapshots of the storage object. Each replication rule may beconfigured to create just one replication session or multiple sessions(e.g., 1-to-N, daisy chained sessions, etc.).

To apply a particular replication rule to a particular storage object,the data storage array 24 generates an association between thereplication rule and the storage object. In some arrangements, theassociation includes a replication rule identifier that uniquelyidentifies the replication rule among other replication rules, a storageobject identifier that uniquely identifies the storage object amongother storage objects, and code that specifies the particular details ofthe replication rule. Such an association may be implemented in the formof a data structure, a database entry, an instance, combinationsthereof, and so on.

Provided below is a suitable replication rule definition for each datastorage array 24. Included are replication rule properties and supportedreplication operations such as creation, modification, and deletion. Itshould be understood that the user may need to initially enter certaininformation within the local data storage array 24 to enable the localdata storage array 24 to properly identify and communicate with a remotedata storage array 24 before creating and applying a replication rule.

replication_rule_instance{ description: Replication rule instance. Idstring example: a9c64b58-59a5-45cd-80ed- 92a4545fd080 Replication ruleidentifier. Name string example: Five minute RPO rule Replication rulename. Rpo RpoEnuminteger example: 5 Recover point objective (RPO). i.e.,the interval between replication syncs, in minutes. Enum: Array [ 7 ]io_priority ReplicationIoPriorityEnumstring example: Low default: MediumIO priorities. Enum: Array [ 3 ] remote_system_id string Identifier ofthe remote system to which this rule will replicate associated objects.list_of_policy_ids String that identifies each policy group thatutilizes this rule }

In addition to individually creating and applying data protection rulesto storage objects, a user of a data storage array 24 may create apolicy group that identifies (or includes) multiple data protectionrules and then apply the policy group to one or more storage objects.When the user applies such a policy group to a storage object, the datastorage array 24 responds by applying all of the data protection rulesthat belong to that policy group to that storage object at once. Byapplying the same policy group to multiple storage objects, the user isnot burdened by meticulously and repetitively typing out the same dataprotection rules for each storage object.

To apply a particular policy group to a particular storage object, thedata storage array 24 generates an association between that policy groupand the storage object. In some arrangements, the association includes apolicy group identifier that uniquely identifies the policy group amongother policy groups, a storage object identifier that uniquelyidentifies the storage object among other storage objects, and code thatspecifies the particular details of the policy group (e.g., a list ofdata protection rule identifiers, the data protection rules themselves,combinations thereof, etc.). Such an association may be implemented inthe form of a data structure, a database entry, an instance,combinations thereof, and so on.

Moreover, once the user has created a policy group, the user can modifyand/or delete the policy group. When modifying a policy group, the usercan add one or more data protection rules to the policy group, changeone or more existing data protection rules currently within the policygroup, and/or remove one or more data protection rules currently withinthe policy group. When the user saves (or executes) such a modification,the data storage array 24 is able to automatically apply the changes toeach storage object that is associated with the modified policy group.Accordingly, the user does not need to repetitively make a similarchange for each storage object that the policy group is assigned to.

Provided below is a suitable policy group definition for each datastorage array 24. Included are a list of properties for the dataprotection policy. As mentioned above, a policy group can be created,modified, and deleted. Both snapshot rules and replication rules can beadded to, changed, or removed from a policy group. When a policy groupcontains both snapshot and replication rules, application of the policygroup to a storage object provides local and remote data protection tothe storage object. However, a user may also create and apply policygroups that only include snapshot rules (e.g., for local data protectiononly), or only include replication rules (e.g., for remote dataprotection only), and so on.

policy_instance{ description: Policy instance. id string example:a9c64b58-59a5-45cd-80ed-92a4545fd080 Policy identifier. name stringexample: Gold Policy Policy name. description string Policy description.list_of_rule_ids String that identifies each rule in this policy group }

It should be understood that it is possible for a user to apply multipledata protection rules and/or policy groups to a storage object. In sucha case, the data storage array 24 manages multiple associations thatassociate the multiple data protection rules and/or policy groups tothat storage object.

It should be further understood that the data storage array 24 maydelete (or de-associate) one or more data protection rules and/or policygroups to a storage object. In some arrangements, when the user deletesa data protection rule from a policy group, the data storage array 24specifies a null data protection policy identifier within that policygroup in place of an actual rule identifier.

Suitable identifiers include unique names, integers, alphanumericstrings, pointers, addresses, indexes, combinations thereof, and so on.Such identifiers enable the data storage arrays 24 to uniquely identifyindividual instances among other instances.

One should appreciate that there is no timing requirement regarding whenthe user creates a group of data collection policies and then appliesthat group to one or more storage objects. Along these lines, the usermay wish to create and save several policy groups before applying anypolicy group and then, for each storage object under management, theuser may selectively apply the created (or now predefined) policy groupsto various storage objects.

Alternatively, the user may be working on a particular storage object(e.g., allocating memory to create that storage object) and, during thesame working effort, create and apply a group of data collectionpolicies to that particular storage object. Later, the user may applythat same policy group to one or more other storage objects.

It should be understood that such creation and assignment of dataprotection rules and/or policy groups to storage objects are imposed onthe data storage arrays 24 via a policy engine that responds to commandsfrom a user. Such a policy engine may reside within one or more of thedata storage arrays 24 (e.g., see the storage processing circuitry 40)and/or externally (e.g., see the other equipment 26).

Suppose that a user assigns certain data protection for a particularstorage object residing on the local storage array 24(L). In particular,suppose that the user assigns a policy group that includes a replicationrule to replicate the particular storage object to a correspondingreplica storage object on the remote storage array 24(R). In response tothis situation, the policy engine automatically assigns a policy groupto the corresponding replica storage object so that the replica storageobject receives the same data protection. Such operation is animprovement to the technology because the replicated data within thereplica storage object is now protected in the same manner as the sourcedata within the particular storage object residing on the local storagearray 24(L). Moreover, such operation does not require the user tomanually enter individual data protection commands to protect thereplicated data. Further details will now be provided with reference toFIG. 2.

FIG. 2 shows specialized electronic circuitry 60 that is suitable forthe storage processing circuitry 40 of each data storage array 24 (alsosee FIG. 1). The electronic circuitry 60 includes a communicationsinterface 62, memory 64, and processing circuitry 66, and a storageinterface 68.

The communications interface 62 is constructed and arranged to connectthe electronic equipment 60 to the communications medium 28 (also seeFIG. 1) to enable communications with other devices of the data storageenvironment 20 (e.g., the host computers 22). Such communications may beSAN-based, IP-based, cellular-based, cable-based, fiber-optic based,wireless, cloud-based, combinations thereof, and so on. Accordingly, thecommunications interface 62 enables the electronic equipment 60 torobustly and reliably exchange information with other externalapparatus.

The memory 64 is intended to represent both volatile storage (e.g.,DRAM, SRAM, etc.) and non-volatile storage (e.g., flash memory, magneticmemory, etc.). The memory 64 stores a variety of software constructs 70including operating system code 72, specialized code 74, specializeddata structures 76, and other code and data 78. The operating systemcode 72 is intended to refer to a kernel and other control instructionsto manage computerized resources (e.g., processor cycles, memory space,etc.), drivers (e.g., an I/O stack), and so on. The specialized code 74refers to instructions that enable utilization of data protection rulesand policy groups that can be assigned to the individual storage objects(e.g., to form a policy engine). The specialized data structures 76refers to a repository of entries (e.g., created and/or applied dataprotection rules and policy groups, assignments/associations,identifiers, etc.). The other code and data 78 refers to user-levelapplications, administrative tools, utilities, and so on. In somearrangements, storage devices 42 on a data storage array 24 (FIG. 1) mayform at least a portion of the memory 64.

The processing circuitry 66 is constructed and arranged to operate inaccordance with the various software constructs 70 stored in the memory64. As will be explained in further detail shortly, the processingcircuitry 66 executes the specialized code 74 and manages thespecialized data structures 76 to effectively and efficiently enable auser to impose data protection on each storage object (e.g., apply agroup of data protection policies to a storage object via a singleoperation, make policy group changes to automatically adjust dataprotection for multiple storage objects all at once, etc.). Suchprocessing circuitry 66 may be implemented in a variety of waysincluding via one or more processors (or cores) running specializedsoftware, application specific ICs (ASICs), field programmable gatearrays (FPGAs) and associated programs, discrete components, analogcircuits, other hardware circuitry, combinations thereof, and so on. Inthe context of one or more processors executing software, a computerprogram product 90 is capable of delivering all or portions of thesoftware constructs 70 to the electric circuitry 60. In particular, thecomputer program product 90 has a non-transitory (or non-volatile)computer readable medium which stores a set of instructions whichcontrols one or more operations of the electric circuitry 60. Examplesof suitable computer readable storage media include tangible articles ofmanufacture and apparatus which store instructions in a non-volatilemanner such as CD-ROM, flash memory, disk memory, tape memory, and thelike.

It should be understood that the processing circuitry 66, when operatingin accordance with the software constructs 70 such as the specializedcode 74, forms specialized circuitry that enables the user toeffectively and efficiently utilize groups of data protection policies(e.g., to form a policy engine). To this end, the specialized circuitrymay provide the user with a graphical user interface (GUI) from which toreceive user input (e.g., user commands, parameters, etc.) as well asprovide user output (e.g., status, feedback, etc.). One shouldappreciate that a variety of GUI techniques are suitable for use (e.g.,via web browser, a custom interface, etc.).

The storage interface 68 is constructed and arranged to communicate withthe storage devices 42. Suitable protocols for the storage interface 68include SATA, SAS, PCIe, combinations thereof, and so on.

Policy Group Details

FIGS. 3 through 6 show various examples to illustrate particularfeatures in accordance with certain embodiments. FIG. 3 shows particulardetails of an initial data storage situation. FIG. 4 shows furtherdetails of the example situation. FIG. 5 shows details of the examplesituation when a new assignment is made to a particular storage object.FIG. 6 shows details of the example situation when a change is made to aparticular predefined group of data protection policies.

FIG. 3 shows an example situation in which a user of a data storagearray 24 (also see FIG. 1) has created and saved different groups 100 ofdata protection policies 110, i.e., a “platinum” policy group 100(P), a“gold” policy group 100(G), a “silver” policy group 100(S), etc. Asmentioned earlier, the user may create and save the policy groups 100prior to assigning the policy groups to storage objects 120 of the datastorage array 24. Alternatively, the user may create a new policy group100 and assign that new policy group 100 to a particular storage object120 on the fly.

When a user assigns a policy group 100 of data protection rules 110 to astorage object 120 (e.g., via a user command), a policy engine forms anassociation between that policy group and the storage object 120. Fromthat point, the policy engine applies the data protection rules 110 ofthe policy group 100 to protect the data within the storage object 120.

By way of example only, the “platinum” policy group 100(P) has beenassigned to the storage object 120(3). Accordingly, the data storagearray 24 applies all of the data protection rules 110 that belong to the“platinum” policy group 100(P) to the storage object 120(3).

Additionally, by way of example only, the “gold” policy group 100(G) hasbeen assigned to the storage object 120(2). As a result, the datastorage array 24 applies all of the data protection rules 110 thatbelong to the “gold” policy group 100(G) to the storage object 120(2).

Furthermore, by way of example only, the “silver” policy group 100(S)has been assigned to the storage objects 120(1) and 120(6). Thus, thedata storage array 24 applies all of the data protection rules 110 thatbelong to the “silver” policy group 100(S) to each of the storageobjects 120(1) and 120(6). It should be appreciated that the user didnot need to re-type the same data protection rules 110 for each of thestorage objects 120(1) and 120(6) to give the storage objects 120(1),120(6) the same data protection. Rather, the user was able to simplyassign the same policy group 100(S) to each of storage objects 120(1)and 120(6) (e.g., via respective user commands).

FIG. 4 shows certain details of the policy groups 100. In particular,each policy group 100 identifies (or includes) one or more dataprotection rules 110. By way of example, the “platinum” policy group100(P) identifies, perhaps among other data protection rules 110, asnapshot rule 110(1) to create a snapshot every 5 minutes and retainthat snapshot for 2 days, a snapshot rule 110(2) to create a snapshotevery at 2 am every day and retain that snapshot for 1 week, andreplication rule 110(n) to replicate to another data storage array 24(e.g., “Array A”) with a 1 minute RPO (recovery point objective).

It should be understood that the “platinum” policy group 100(P) mayidentify one or more other data protection rules 110 for snapshotting(e.g., in accordance with other time criteria) and one or more dataprotection rules 110 for replication (e.g., to replicate to another datastorage array 24). Moreover, it should be understood that the otherpolicy groups 100(G), 100(S), . . . may identify similar combinationsand/or different combinations of data protection rules 110.

At this point, it should be clear that when a policy group 100 isassigned to a storage object 120, the data storage array 24 applies allof the data protection rules 110 that are identified by that policygroup 100 to that storage object 120. Accordingly, since “platinum”policy group 100(P) is assigned to the storage object 120(3), datastorage array 24 applies all of the above-mentioned data protectionrules 110 identified by the “platinum” policy group 100(P) to thestorage object 120(3).

FIG. 5 shows the example situation of FIG. 3 after the user has furtherassigned certain earlier created and saved (i.e., now predefined) policygroups 100 to other storage objects 120 of the data storage array 24. Tothis end, the user has entered input into a GUI to modify the operationof the data storage array 24.

Recall that the “platinum” policy group 100(P) was initially assignedonly to the storage object 120(3) (also see FIG. 3). By way of exampleonly, the user has further assigned the “platinum” policy group 100(P)to the storage objects 120(5) and 120(9). Along these lines, the usermay enter a single command (e.g., via a GUI) to assign the “platinum”policy group 100(P) to the storage object 120(5). Likewise, the user mayenter another single command to assign the “platinum” policy group100(P) to the storage object 120(9). One should appreciate that, witheach single command, the user is able to assign all of the dataprotection rules 110 identified by the “platinum” policy group 100(P) toa particular storage object 120. Such a task is less burdensome and lessprone to error than a task of the user individually typing in andassigning each data protection rule 110 to each storage object 120 oneby one. That is, in response to a single policy group assignment commandfrom the user, a policy engine controlling the data storage array 24associates the “platinum” policy group 100(P) with a particular storageobject 120 (e.g., the storage object 120(3) or the storage object120(9)). In response, the data storage array 24 applies the particulardata protection rules 110 (FIG. 4) of the “platinum” policy group 100(P)to that storage object 120 (also see FIG. 4).

Likewise, recall that the “silver” policy group 100(S) was initiallyassigned only to the storage objects 120(1) and 120(6) (also see FIG.3). By way of example only, the user has further assigned the “silver”policy group 100(S) to the storage object 120(7). Such assignmentdirects the data storage array 24 to now associate the “silver” policygroup 100(S) with the storage object 120(7) in addition toearlier-formed associations with the storage objects 120(1) and 120(6).In response, the data storage array 24 now further applies the multipledata protection rules 110 identified by the “silver” policy group 100(S)(FIG. 4) to the storage object 120(7).

FIG. 6 shows the example situation after the user has made a policygroup modification. By way of example, the user has modified the“platinum” policy group 100(P). In particular, the user has changed thedata protection rule 110(2) of the policy group 100(P) so that asnapshot is now created at 1 am every day rather than 2 am every day.Additionally, by way of example, the user has added another dataprotection rule 110(n+1) to the policy group 100(P) (i.e., the user hasmodified the policy group 100(P) to identify another data protectionrule 110) so that replication is made to another data storage array 24(e.g., Array B) with a 1 hour RPO.

When the user commits the modification to the “platinum” policy group100(P), the data storage array 24 applies the modification to eachstorage object 120 that the “platinum” policy group 100(P) is assignedto. Such operation thus enables the user to update data protection tomultiple storage objects 120 all at once (e.g., to storage objects120(3), 120(5), and 120(9) simultaneously).

In some situations, the modification may be automatic and appliedimmediately. For example, suppose that the modification includesreducing the snapshot retain period for certain snapshots from 2 days to1 day (also see the data protection rule 110(1) in FIG. 4). Such anautomatic and immediate application may quickly free up certainresources of the data storage array 24 such as non-volatile memory thusimproving the operation of the data storage array 24.

In other situations, the data storage array 24 may prompt the user withthe storage objects 120 that the “platinum” policy group 100(P) isassigned to (e.g., via the GUI in the form of a list) and enables theuser to apply the “platinum” policy group 100(P) to the storage objects120 selectively based on further user input. For example, the datastorage array 24 may allow the user to save the modified policy group100 as a new policy group 100 (e.g., a “bronze” policy group 100) andapply the new policy group 100 only to storage objects 120 that the userselects. In such a situation, the original policy group continues toapply to the non-selected storage objects 120.

Other policy group modifying methodologies are suitable for use as well.Moreover, in addition to changing and adding one or more data protectionrules 110 to a policy group 100, the user may delete one or more dataprotection rules 110 from a policy group. Such operations enable theuser to update data protection to multiple storage objects 120 withoutany need to separately change data protection rules 110 assigned to eachstorage object 120 individually. Further details will now be providedwith reference to FIG. 7.

FIG. 7 is a flowchart of a procedure 200 which utilizes a group of dataprotection policies within data storage equipment. The procedure 200 maybe performed by a policy engine that imposes data protection on one ormore data storage arrays 24. The policy engine may reside with the datastorage arrays 24 or be external to the data storage arrays 24.

At 202, the policy engine provides access to individually invocable dataprotection services. Recall that the data storage arrays 24 areconstructed and arranged to invoke each individually invocable dataprotection service to protect data within a storage object via arespective data protection rule.

At 204, the policy engine forms a policy group from multiple dataprotection rules. Along these lines, the policy engine creates and savesa policy group that identifies (or includes) multiple data protectionrules. At this point, the policy group is assignable to one or morestorage objects. Additionally, the policy group may be managed through apolicy group lifecycle (e.g., the policy group may be modified,re-assigned, deleted, and so on).

At 206, the policy engine assigns the policy group to a set of storageobjects to protect data within the set of storage objects. Here, thepolicy engine may respond to user commands by forming associationsbetween policy groups and storage objects and saving such associationsin a data protection repository. Such a data protection repository maydefine how the various data protection services are applied to the setof storage objects (e.g., also see the specialized data structures 76 inFIG. 2).

As described above, certain improved techniques are directed toutilizing groups 100 of data protection policies (or rules) 110 that areassignable to storage objects 120 (e.g., logical units of storage orLUNs, file systems, etc.). In particular, a user can simply assign apolicy group 100 to each storage object 120. The policy group 100 mayinclude a variety of data protection policies 110 such as one or moresnapshot rules and one or more replication rules. Accordingly, the useris able to impose an entire group 100 of data protection policies 110 oneach storage object 120 all at once. Moreover, the user may change apolicy or policies 110 within a policy group 100 that is assigned tomultiple storage objects 120 and thus adjust data protection policies110 for the multiple storage objects 120 all at once. As a result, thereis less time and effort imposed on the user compared to a human systemadministrator's conventional task of manually configuring each volume orfile system individually. Furthermore, there is no special scriptwriting skills required by the user thus making the user's job lesscomplicated and less prone to error.

One should appreciate that the above-described techniques do not merelycollect, store, and analyze data. Rather, the disclosed techniquesinvolve an improvement to the technology. Along these lines, with theabove-described techniques, a data storage array 24 enjoys robust andreliable data protection of one or more storage objects 120 based onspecialized constructs, i.e., policy groups 100 where each policy group100 is able to identify multiple data protection rules 110. Moreover, ifa policy group 100 is assigned to multiple storage objects 120, anychange to the policy group 110 invokes a change to each storage object120 thus alleviating the need to separately make a change to theindividual rules 110 applied to each storage object 120. Such changes tohow the data storage array operates improves data storage arrayorganization and efficiency.

Automatic Assignment of Data Protection to Corresponding DestinationStorage Objects

FIGS. 8 through 10 show a replication situation 300 in which thecircuitry of the data storage environment 20 (also see FIG. 1) provides,among other things, remote data protection to source storage objects120(A) residing on a data storage array 24(A) by replicating data fromthe source storage objects 120(A) to destination storage objects 120(B)residing on another data storage array 24(B). However, in contrast toconventional data storage systems that do not duplicate data protectionon source and destination data, the circuitry of the replicationsituation 300 automatically assigns the same level of local and remotedata protection that a user has assigned to the source storage objects120(A) to the destination storage objects 120(B).

To this end, a policy engine 310 manages data protection for the variousstorage objects 120 within the data storage environment 20. Recall thatthe policy engine 310 may be formed by processing circuitry running inaccordance with specialized code (also see FIG. 2). It should beunderstood that the policy engine 310 may reside within one or more datastorage arrays 24, in one or more external devices 26, in the cloud, incombinations thereof in a distributed manner, and so on (also see FIG.1).

The policy engine 310 manages data protection of storage objects 120using metadata such as associations 320 between (i) policy groups 100and individual data protection rules 110 and (ii) the storage objects120 of the data storage environment 20. In particular, when a userassigns a policy group 100 or an individual data protection rule 110 toa storage object 120, the policy engine 310 creates an association 320that identifies that assignment (e.g., associates a policy groupidentifier PG_ID that identifies a particular policy group with astorage object identifier SO_ID that identifies a particular storageobject). Likewise, the policy engine 310 is able to update and/or createassociations 320 to identify current and/or further assignments.

Along these lines, when a user enters a command to assign a policy group100 (or a data protection rule 110) to a source storage object 120(A),the policy engine 310 creates (or updates) an association 320(1) betweenthat policy group 100 and the source storage object 120(A). In theexample shown in FIG. 8, the policy engine 310 creates a separateassociation 320 between a particular policy group 100 and each sourcestorage object 120(A) (e.g., LUN_1, LUN_2, . . . on the data storagearray 24(A)) in response to a user assigning that policy group 100 toeach source storage object 120(A). By way of example, the same policygroup 100, which identified multiple data protection rules 110, is shownas being assigned to multiple storage objects 120(A) (e.g., LUN_1 andLUN_2) to illustrate the earlier described features (also see FIGS. 3through 6).

In response to such assignments, the policy engine 310 automaticallyperforms specialized operations to provide the same data protection tothe corresponding destination storage objects 120(B). By way of example,storage objects 120(B) LUN_1 and LUN_2 are replicated to the datastorage array 24(B).

In response to each policy group assignment by the user, the policyengine 310 searches the metadata to determine whether a copy of thepolicy group 100 already exists and, if so, determines whether that copyis already assigned to the storage objects 120(B) that correspond to thestorage objects 120(A) receiving data protection assignment. Since thecopy of the policy group 100 does not yet exist, the policy engine 310copies the original policy group 100 from the data storage array 24(A)to the data storage array 24(B) to form a policy group copy 100′ (orsimply policy group 100′). Along these lines, the original policy group100 includes a snapshot rule (e.g., “Snapshot_Rule_1”) and a replicationrule (e.g., “Replication_Rule_1”). Accordingly, the policy group copy100′ also includes the same snapshot rule (e.g., “Snapshot_Rule_1”) andthe same replication rule (e.g., “Replication_Rule_1”). If the originalpolicy group 100 included other data protection rules, the policy engine310 would duplicate those other data protection rules within the policygroup copy 100′ as well.

After the policy engine 310 creates the policy group copy 100′, thepolicy engine 310 configures the policy group copy 100′ as read only.Accordingly, even though the user may be able to directly modify theoriginal policy group 100 (i.e., the user has read and write access tothe original policy group 100), the user is not permitted to directlymodify the policy group copy 100′. Rather, if the user later modifiesthe original policy group 100, the policy engine 310 automaticallymirrors the user's changes to the policy group copy 100′. Thus, it isacceptable that only the policy engine 310 is permitted to directlymodify the policy group copy 100′.

Next, the policy engine 310 assigns the policy group copy 100′ to eachof the corresponding destination storage objects 120(B) but places thepolicy group copy 100′ in an inactive (or dormant) state for eachstorage object 120(B). In particular, the policy engine creates aseparate association 320(2) between the policy group copy 100′ and eachcorresponding destination storage object 120(B) (i.e., LUN_1, LUN_2, . .. on the data storage array 24(B)) and appropriately configures eachassociation 320(2).

At this point, the corresponding destination storage objects 120(B) havethe same data protection as the source storage objects 120(A). However,the policy engine 310 maintains the policy group copy 100′ is in theinactive state for each storage object 120(B) and does not immediatelyapply the data protection rules within the policy group copy 100′ todelay snapshotting and replication of the storage objects 120(B) sincethe storage objects 120(B) are currently replication destinations. Thatis, the policy engine 310 delays application (e.g., delays enforcementof the data protection rules) of the policy group copy 100′ while thestorage objects 120(B) remain replication destinations.

However, if a particular storage object 120(B) becomes a productionstorage object (e.g., after a failover event), the policy engine 310makes the policy group copy 100′ active for that storage object 120(B).That is, the policy engine 310 modifies the particular assignment 320(2)between the policy group copy 100′ and the storage object 120(B) that isno longer a replication destination and is now a replication source toindicate that the application of the policy group copy 100′ is tocommence. In response, the data storage arrays 24 apply (e.g., enforce)all of the data protection rules within the policy group copy 100′ tothat storage object 120(B).

FIG. 9 shows the replication situation 300 after occurrence of afailover event for LUN_1. Along these lines, the failover event may havebeen planned (e.g., due to planned maintenance, due to an upgrade,etc.).

As shown in FIG. 9, the replication direction between the storageobjects 120(A), 120(B) for LUN_1 is now reversed. In particular, thestorage object 120(B) for LUN_1 on the data storage array 24(A) is nowthe replication source and the storage object 120(A) for LUN_1 is nowthe replication destination on the data storage array 24(B).

In response to the failover event, the policy engine 310 automaticallytransitions the association 320(2) that associates the policy group copy100′ with the storage object 120(B) for LUN_1 from the inactive state tothe active state. In response, application of the data protection rules110 of the policy group copy 100′ is no longer delayed. Rather, the datastorage arrays 24 now operate to apply the data protection rules 110 ofthe policy group copy 100′. Accordingly, Snapshot_Rule_1 andReplication_Rule_1 are now applied to the storage object 120(B) forLUN_1.

It should be understood that the above-described example shows thereplication direction being reversed for simplicity. If the failoverevent was unplanned (e.g., due to an equipment failure, due to anextended power outage, etc.), the same techniques are suitable forapplying remote data protection from the data storage array 24(B) toanother data storage array 24.

FIG. 10 shows example metadata 330 which is managed by the policy engine310. At least a portion of this metadata 330 may take the form of anassociation database or repository that stores the associations 320(FIGS. 8 and 9), and includes association entries 340(1), 340(2),340(3), 340(4), . . . (collectively, association entries 340). In somearrangements, the metadata 330 resides in a central location (e.g.,within a particular data storage array 24, at a central server, in thecloud, etc.). In other arrangements, the metadata 330 is distributedacross multiple locations (e.g., distributed among the data storagearrays 24).

Each association entry 340 identifies a particular association 320 andincludes an association identifier field 350, a data protectiongroup/rule identifier field 352, a storage object identifier field 354,a replication status field 356, an active/inactive state field 358, andother fields 360. The association identifier field 350 of eachassociation entry 340 stores an association identifier that uniquelyidentifies the particular association 320 among the other associations320 of the data storage environment 20. The data protection group/ruleidentifier field 352 stores a data protection group or rule identifierthat uniquely identifies a data protection group 100 or data protectionrule 110 among other data protection groups/rules 100/110. The storageobject identifier field 354 stores a storage object identifier thatuniquely identifies a storage object 120 among other data storageobjects 120. The replication status field 356 stores a status indicatorwhich indicates whether the storage object 120 is a replication sourceor a replication destination. The active/inactive state field 358 storesa state indicator which indicates whether the data protectionpolicy/rule 100/110 is inactive or active. The other fields 360 storeother information such as timestamps indicating the last update times,access privileges (e.g., read only, read/write, etc.), and so on.

As shown in FIG. 10, the association entry 340(1) identifies anassociation 320 between the policy group 100 and the storage object120(A) for LUN_1. Additionally, the association entry 340(2) identifiesan association 320 between the policy group 100 and the storage object120(A) for LUN_2. Furthermore, the association entry 340(3) identifiesan association 320 between the policy group 100′ and the storage object120(B) for LUN_1. Also, the association entry 340(4) identifies anassociation 320 between the policy group 100′ and the storage object120(B) for LUN_2, and so on.

As described earlier in connection with FIG. 9, the replicationdirection between the storage object 120(A) for LUN_1 and the storageobject 120(B) for LUN_1 is now in the opposite direction. That is, thestorage object 120(B) for LUN_1 is now the replication source, and thestorage object 120(A) for LUN_1 is now the replication destination.Accordingly, the association entry 340(1) now indicates that the policygroup 100 assigned to the storage object 120(A) for LUN_1 is inactive,and the association entry 340(2) now indicates that the policy group100′ assigned to the storage object 120(B) for LUN_1 is active. Thus,the data protection rules 110 identified by the policy group 100 are nolonger applied to the storage object 120(A) for LUN_1, and the dataprotection rules 110 identified by the policy group 100′ are currentlyapplied to the storage object 120(B) for LUN_1.

It should be understood that the metadata 330 as illustrated in FIG. 10was provided by way of example only, and that there are other ways ofmanaging the associations 320 among the data storage arrays 24. Forexample, in other arrangements, each data storage array 24 stores atable that contains only local array data (e.g., the local associations320, etc.). Additionally, in some arrangements, such a table does nottrack storage_object-to-policy_group associations but instead a storageobject table that contains policy group IDs is used to point to entriesin a policy group table. Such alternative configurations are consideredsuitable for supporting certain improvements disclosed herein.

FIG. 11 shows the replication situation 300 when a user attempts to makea direct modification to the policy group 100′ while the policy group100′ is applied to a source storage object, e.g., the storage object120(B) LUN_1. For example, the user may wish to add data protection rule110, delete a data protection rule 110, and/or modify a data protectionrule 110 of the policy group 100′.

Recall that the policy engine 310 prevents the user from directlymodifying the policy group 100′ (i.e., the policy group 100′ is set toread only from the perspective of the user). Accordingly, to accommodatethe user's modification, the policy engine 310 copies the policy group100′ to form a policy group copy 100″ (or simply policy group 100″) andadjusts the privileges of the policy group copy 100″ to enable the userto directly modify the policy group copy 100″. Additionally, the policyengine 310 updates the association entry 340(4) within the metadata 330(also see FIG. 10) to indicate that the policy group copy 100″ is nowbeing applied to the storage object 120(B) for LUN_1.

As a result, the read only policy group 100′ remains assigned to thestorage object 120(B) LUN_2 which is still a destination storage object.However, the write and read policy group 100″ is now assigned to thestorage object 120(B) LUN_1 which is now a source storage object and cannow have data protection modifications made thereto.

One should appreciate that situations may arise in which a policy group100 becomes orphaned. For example, a source policy group 100 may bedeleted while the data storage array 24 is down. In such a situation,the policy engine 310 periodically finds and removes orphaned policygroups 100.

In some arrangements, the policy engine 310 only deletes orphaned policygroups 100 on the replica side. In such arrangements, the primary side(or first policy group) can be standalone.

Such cleanup operations may be based on the last time each policy group100 was updated and perhaps other criteria (e.g., whether the policygroup is on the primary or replica side). Along these lines, the policyengine 310 may delete any policy group 100 that has not been updatedwithin a predefined amount of time (e.g., 1 month, 2 weeks, etc.).Further details will now be provided with reference to FIG. 12.

FIG. 12 shows particular details of a procedure 400 which is performedby a replication-related service such as an RPO (recovery pointobjective) handler when enforcing the RPO for a particular dataprotection rule 110. Such a service may be provided by the policy engine310 and/or other components of a data storage array 24.

At 402, the procedure 400 begins. In particular, the procedure 400 maybe triggered in response to the RPO schedule for the particular dataprotection rule 110.

At 404, the service finds all policy groups that include the particulardata protection rule 110. For example, the service may create a list orarray of policy groups.

Starting at 406, the service cycles through for each policy group thatwas found. If there were no policies found, the service is finished.However, if there was at least one policy group found, 406 proceeds to408.

At 408, for a particular policy group that was found, the servicedetermines whether that policy group has been modified (and furtherdetails will be provided shortly). If not, the procedure proceeds to410. However, if that policy group has been modified, the procedureproceeds to 412.

At 412, the service communicates a copy of the policy group identifier(or the policy group itself) to the remote data storage array 24. Uponreceipt at 414, the remote data storage array 24 creates (or updates) areplica policy group.

At 416, after the service communicates the copy of the policy group tothe remote data storage array 24, the service updates the policy grouppair table, e.g., the metadata 330.

At 410, the service creates and synchronizes or syncs replicationsessions.

At 418, the service proceeds to the next policy group that was found forthe particular data protection rule 110.

It should be understood that the service is invoked again in the future,e.g., at each RPO cycle of the policy engine 310.

Further Details

FIG. 13 shows a procedure 500 for providing data protection amongreplicated storage objects maintained by data storage arrays. Inparticular, the procedure 500 enables automatic assignment of a dataprotection policy group/rule to a destination storage object in responseto assignment to a source storage object. The procedure 500 is performedby circuitry of the data storage environment 20 such as the policyengine 310 (also see FIG. 8).

At 502, the circuitry generates, based on a first set of data protectionpolicies on a first data storage array, a second set of data protectionpolicies on a second data storage array to track the first set of dataprotection policies on the first data storage array (also see FIG. 8).The first data storage array maintains a first storage object (e.g., thestorage object 120(A) for LUN_1), and the second data storage arraymaintains a second storage object (e.g., the storage object 120(B) forLUN_1) as a replica of the first storage object maintained by the firstdata storage array.

At 504, the circuitry detects assignment of the first set of dataprotection policies to the first storage object maintained by the firstdata storage array (e.g., the policy group 100). The first data storagearray provides data protection to the first storage object in accordancewith the first set of data protection policies in response to assignmentof the first set of data protection policies to the first storageobject.

At 506, the circuitry, in response to detecting assignment of the firstset of data protection policies to the first storage object maintainedby the first data storage array, automatically assigns the second set ofdata protection policies (e.g., the policy group 100′) to the secondstorage object maintained by the second data storage array. The seconddata storage array provides data protection to the second storage objectin accordance with the second set of data protection policies inresponse to automatic assignment of the second set of data protectionpolicies to the second storage object.

As described above, improved techniques provide automatic assignment ofdata protection policies (or rules), which are assigned to sourcestorage objects 120 on local data storage arrays 24, to correspondingdestination storage objects 120 on remote data storage arrays 24 (i.e.,replicated storage objects). Accordingly, if there is a failover eventthat causes a host computer to lose access to a source storage object120 on a local data storage array 24 and then access the correspondingdestination storage object 120 on a remote data storage array 120 as anew primary source of host data (e.g., after failover), thecorresponding destination storage object 120 automatically receives thesame data protection level as the original source storage object 120.Such techniques not only remove the manual human administrator steps(e.g., manually entering individual commands) to configure dataprotection on replicated host data when the replicated host data becomesthe new primary source, but also allow the same levels of local andremote data protection to be provided to source and destination storageobjects 120.

It should be understood that the techniques disclosed herein involve animprovement to the technology. Along these lines, with theabove-described techniques, a data storage array 24 enjoys robust andreliable data protection of one or more storage objects 120 based onspecialized constructs, i.e., policy groups 100 where each policy group100 is able to identify multiple data protection rules 110. Moreover, ifa policy group 100 is assigned to a source storage object 120, the samelevel of data protection is provided to the corresponding destinationstorage object 120 of the replication pair. Such a change to how thedata storage array 24 operates improves data storage array organizationand efficiency.

While various embodiments of the present disclosure have beenparticularly shown and described, it will be understood by those skilledin the art that various changes in form and details may be made thereinwithout departing from the spirit and scope of the present disclosure asdefined by the appended claims.

For example, it should be understood that various components of the datastorage environment 20 such as the host computers 22 are capable ofbeing implemented in or “moved to” the cloud, i.e., to remote computerresources distributed over a network. Here, the various computerresources may be distributed tightly (e.g., a server farm in a singlefacility) or over relatively large distances (e.g., over a campus, indifferent cities, coast to coast, etc.). In these situations, thenetwork connecting the resources is capable of having a variety ofdifferent topologies including backbone, hub-and-spoke, loop, irregular,combinations thereof, and so on. Additionally, the network may includecopper-based data communications devices and cabling, fiber opticdevices and cabling, wireless devices, combinations thereof, etc.Furthermore, the network is capable of supporting LAN-basedcommunications, SAN-based communications, combinations thereof, and soon.

One should appreciate that, in accordance with certain embodiments, auser defined policy can be used to protect multiple storage resources ona single storage array. Both local and remote protection rules can bedefined in a policy. Once a policy is applied to a storage resource, theresource is automatically protected locally with regularly scheduledsnapshots based on the local snap rules, and remotely via replicationsessions that are created by the policy engine based on the remotereplication rules. The replication sessions replicate local storage datachanges to one or more remote arrays at recovery point objective (RPO)intervals as defined in the remote replication rules.

In accordance with certain embodiments, a policy includes multiple snapand replication rules. Each snap rule can be used to define a snapshotschedule with an hourly interval or once a day schedule at a certaintime of the day. Snapshot retention periods can also be added to eachsnap rule. Each replication rule consists of a RPO interval and a remotearray. Multiple replication rules can be added to a policy to support1-to-N fan out replication configuration.

After a policy with a replication rule is applied to a local resource, apolicy orchestration engine creates (i) a peer resource on the remotearray, and (ii) a replication session on both the local and remotearrays to capture the peer relationship between the local storageresource and the remote resource on the peer array. Data is synchronizedfrom the local array to the remote array on an interval cadence definedby the RPO in the replication rule.

One should appreciate that a user defined policy can be used to protectmultiple storage resources on a single storage array. Both local andremote protection rules can be defined in a policy group. Once a policygroup is applied to a storage resource, the resource is automaticallyprotected locally with regularly scheduled snapshots based on the localsnap rules, and remotely via replication sessions that are created bythe policy engine based on the remote replication rules. The replicationsessions replicate local storage data changes to one or more remotearrays at the recovery point objective (RPO) intervals as defined in theremote replication rules.

A policy group may include multiple snap and replication rules. Eachsnap rule may define a snapshot schedule with an hourly interval or oncea day schedule at a certain time of the day. Snapshot retention periodscan also be added to each snap rule. Each replication rule may define ofa RPO interval and a remote array. Multiple replication rules can beadded to a policy to support 1 to N fan out replication configuration.

After a policy group with a replication rule is applied to a localresource, a policy orchestration engine can create a peer resource onthe remote array, and a replication session on both the local and remotearrays to capture the peer relationship between the local storageresource and the remote resource on the peer array. The replicationdestination resource is used to store replicating data and is read-onlyto end users. The destination resource, when created, does not have apolicy group associated. Without a policy group, the resource is notprotected when the replication session fails over and reversesdirection. Manual user steps are needed to apply a policy group on thatresource for local and remote protection. Replication session failoverand reversing direction is required in many use cases, including lengthymaintenance on the source array or a regular site swap between thesource and destination sites.

In accordance with certain embodiments disclosed herein, the policyengine provides data protection on the original destination resourcewhen the replication session fails over and reverses direction (e.g.,also see FIGS. 8 and 9). The policy engine not only removes the manualuser step to apply a policy group at the replication destinationresource to protect the resource when the replication session directionis reversed, but also allows the same level of local and remoteprotections on the source and destination resources.

Along these lines, a replica policy group on the remote array is used toautomatically protect the destination resource. The replica policy groupis created and maintained by the policy engine to track the sourcepolicy. When user applies the source policy group to a storage resource,the replica policy group would be automatically applied to the peerresource on the remote array. The replica policy group is read-only toend users and can only be updated and deleted by the policy engine onthe source array. The replica policy group cannot be removed from adestination resource before the replication session direction isreversed. A policy remains inactive unless the resource it is applied tois a primary resource (i.e. a replication source object).

In addition, any changes on the source policy group are replicated tothe replica policy group so that both local and remote protection levelsare kept to be the same. Once the direction of the replication sessionis reversed, the destination resource becomes a primary object, and thereplica policy is active automatically to provide the same level ofprotection support for scheduled snapshots and RPO scheduled datareplication to the original source array (e.g., see FIG. 9).

In accordance with certain embodiments, the life cycle of a replicapolicy group is managed by the policy engine and no user intervention isrequired (also see FIG. 11). Rather, various lower level details may bemade transparent to the simple user.

In some embodiments, for manageability and reducing resourceconsumption, it is necessary for a source policy group to have no morethan one replica policy group on the same remote array. A policy modeland a policy group copy API are introduced below to allow the policyengine to manage source and replica policy group relationshipefficiently.

Each pair of the source and the replica policy group or rule have thesame globally unique “signature” field. A policy group copy API is usedto either create or update the replica policy groups and rules. Thepolicy group copy API input parameter contains all the informationneeded to create or update the replica policy groups and rules within.The copy API should have the following characteristics.

-   -   It is idempotent i.e., no side effects when the API is called        multiple times    -   If an entry with the “signature” does not yet exist, a new        replica rule or policy group is created.    -   If an entry with the “signature” already exists, the replica        rule and/or policy group is updated based on the        “last_update_time” and the “last_sync_time” maintained in the        separate policy pair table.

This algorithm guarantees that only one replica entry for a sourcepolicy group or rule exists on a single remote system.

In a typical flow, replica policy group tracks the source policy groupat all times.

1. The replica policy group is created when either of the following 2actions occur on the source array.

a. The source policy group is created with a replication rule.

b. A replication rule is added to the source policy group.

2. The replica policy group is modified and updated when the sourcepolicy group is modified, including the following source policy groupmodifications.

a. Snapshot rules are added or removed from the source policy group.

b. A snapshot rule is modified, including changes of snapshot intervalor time of the day, and snapshot retention period.

c. Replication rule RPO interval changes.

3. The replica policy group is deleted when either one of the followingchanges to the source policy group are made by a user.

a. The replication rule is removed from the source policy group.

b. The remote system of the replication rule is changed to point to adifferent array.

i. In this case, the replica policy group on the remote array beingreplaced is deleted and a new replica policy group on the new remotearray is created.

c. The source policy group is deleted.

It should be understood that certain variations may be suitable for useby the copy API. For example, instead of creating a new replica rule orpolicy group if the “signature” does not yet exist (as mentioned above),an association table may be used. Here, the policy engine looks up thesource rule/policy group ID. To this end, the data storage arrays mayuse identifiers (IDs) which are globally unique.

It should be understood that network disruption, however, cantemporarily fail replica policy group update when the source policygroup changes. As such, each array maintains a separate policy grouppair table as shown above, where the “last_sync_time” marks the lasttime the source policy group content is copied to the replica policygroup. The “last_update_time” for policy group or rule entity is setwhenever there is a change on the policy group or rule properties. Ifthe “last_update_time” in a source policy group is later than the“last_sync_time” in the association table, the source policy group needsto be copied over to the replica side.

To tolerate network faults, RPO interval handler is leveraged torepeatedly call policy group copy API if needed to make sure that thereplica policy is updated/created before the replication session iscreated and data synchronized (e.g., also see FIG. 11). With thisapproach, the replica policy is updated whenever network issues areresolved, and the replica policy group is always created before thereplication destination resource is created. The policy engine makessure that the replica policy is attached to the replica resource beforemarking the replication session creation as finished. As a result, thereplication destination resource is protected via the replica policygroup as soon as it is created or used in the replication session.

In other arrangements, the RPO interval handler does not repeatedly callthe policy group copy API. Rather, a separate background thread is usedinstead.

The following flow chart shows how remote replica policy groups areupdated at each RPO cycle of the policy engine.

In rare cases, replica policy groups may be left on an array as orphans.This can happen, for example, when the source policy is deleted whilethe remote array is down. To solve this, a background aging service canbe used to clean up the orphaned replica policy groups periodically. Forexample, the aging service can run once a week to delete all unusedreplica policy groups that have the “last_update_time” at apre-determined number of days (e.g. 14 days) ago.

In some embodiments, the data storage environment 20 is provided with aprocess to automatically protect replication resources when failing overthe replication session in the reversed direction.

-   -   A replica policy group is created on the remote array to track        the source policy group and provide protection to the        replication destination resource by default.    -   The replica policy group is managed by policy engine without        user input.    -   The replica policy group has the same protection level as the        source policy group.    -   Each source policy group has at most one replica policy group on        one remote array.

The individual features of the various embodiments, examples, andimplementations disclosed within this document can be combined in anydesired manner that makes technological sense. Furthermore, theindividual features are hereby combined in this manner to form allpossible combinations, permutations and variants except to the extentthat such combinations, permutations and/or variants have beenexplicitly excluded or are impractical. Support for such combinations,permutations and variants is considered to exist within this document.

In some situations, each data storage array 24 manages and provides dataprotection for both block-based and filed-based storage objects 120.Moreover, in some situations, a data storage array 24 manages productiondata on behalf of a set of host computers 22 as well as replicated dataon behalf of a set of other data storage arrays 24.

Additionally, in some arrangements, data protection rules can be applieddirectly to storage objects. In other arrangements, data protectionrules are applied indirectly to storage objects (e.g., via associations)which are managed by a policy engine.

Furthermore, it should be understood that the above-described dataprotection rules and policy groups may be un-assigned from storageobjects. For example, if a storage object is to be deleted, a user mayun-assign all rules and/or policy groups from the storage object beforedeleting the storage object. Similarly, if certain data protection is nolonger needed for a storage object, the user may un-assign a particularrule and/or policy group from that storage object to remove that dataprotection. Such modifications and enhancements are intended to belongto various embodiments of the disclosure.

What is claimed is:
 1. A method of providing data protection among data storage arrays, the method comprising: based on a first set of data protection policies on a first data storage array, generating, by a policy engine, a second set of data protection policies on a second data storage array to track the first set of data protection policies on the first data storage array, the first data storage array maintaining a first storage object, and the second data storage array maintaining a second storage object as a replica of the first storage object maintained by the first data storage array; detecting, by the policy engine, assignment of the first set of data protection policies to the first storage object maintained by the first data storage array, the first data storage array providing data protection to the first storage object in accordance with the first set of data protection policies in response to the assignment of the first set of data protection policies to the first storage object; and in response to detecting the assignment of the first set of data protection policies to the first storage object maintained by the first data storage array, automatically assigning, by the policy engine, the second set of data protection policies to the second storage object maintained by the second data storage array, the second data storage array providing data protection to the second storage object in accordance with the second set of data protection policies in response to the automatic assignment of the second set of data protection policies to the second storage object; wherein each data storage array of the first data storage array and the second data storage array is constructed and arranged to (i) apply a set of data protection policies to a storage object maintained by that data storage array when the set of data protection policies is assigned to that storage object and when that storage object is a replication source, and (ii) delay applying the set of data protection policies to that storage object maintained by that data storage array when the set of data protection policies is assigned to that storage object and when that storage object is a replication destination; wherein the first storage object initially is a replication source; wherein the first data storage array applies the first set of data protection policies to the first storage object in accordance with the first set of data protection policies in response to (i) assignment of the first set of data protection policies to the first storage object and (ii) the first storage object initially being a replication source; and wherein the second storage object initially is a replication destination, and wherein automatically assigning the second set of data protection policies to the second storage object maintained by the second data storage array includes: delaying applying the second set of data protection policies to the second storage object maintained by the second data storage array in response to (i) assignment of the second set of data protection policies to the second storage object and (ii) the second storage object initially being a replication destination.
 2. A method as in claim 1 wherein the first set of data protection policies includes a first policy group identifying multiple data protection rules; and wherein generating the second set of data protection policies on the second data storage array to track the first set of data protection policies on the first data storage array includes: forming, as at least a portion of the second set of data protection policies, a second policy group based on the first policy group, the second policy group identifying the multiple data protection rules.
 3. A method as in claim 2 wherein, during assignment of the first set of data protection policies to the first storage object, the policy engine generates a first data protection association having a first policy group identifier that uniquely identifies the first policy group among other policy groups and a first storage object identifier that uniquely identifies the first storage object among other storage objects, the first data protection association being used by the data storage arrays to manage data protection for the first storage object; and wherein automatically assigning the second set of data protection policies to the second storage object maintained by the second data storage array further includes: generating a second data protection association having a second policy group identifier that uniquely identifies the second policy group among the other policy groups and a second storage object identifier that uniquely identifies the second storage object among the other storage objects, the second data protection association being used by the data storage arrays to manage data protection for the second storage object.
 4. A method as in claim 2 wherein the first policy group identifies, as the multiple data protection rules, multiple snapshot rules, each of the multiple snapshot rules specifying a different snapshot creation schedule to routinely create snapshots of a storage object on a local data storage array; and wherein forming the second policy group based on the first policy group includes: configuring the second policy group to identify the multiple snapshot rules identified by the first policy group.
 5. A method as in claim 2 wherein the first policy group identifies, as the multiple data protection rules, multiple replication rules, each of the multiple replication rules defining different replication criteria to replicate a storage object to a remote data storage array; and wherein forming the second policy group based on the first policy group includes: configuring the second policy group to identify the multiple replication rules identified by the first policy group.
 6. A method as in claim 2 wherein the first policy group identifies, as the multiple data protection rules, at least one snapshot rule and at least one replication rule, each snapshot rule identified by the first policy group specifying a different snapshot creation schedule to routinely create snapshots of a storage object on a local data storage array, and each replication rule identified by the first policy group defining different replication criteria to replicate a storage object to a remote data storage array; and wherein forming the second policy group based on the first policy group includes: configuring the second policy group to identify each snapshot rule and each replication rule identified by the first policy group.
 7. A method as in claim 2, further comprising: detecting a data protection rule modification to the first policy group, and in response to detecting the data protection rule modification to the first policy group, making a corresponding data protection rule modification to the second policy group.
 8. A method as in claim 7 wherein making the corresponding data protection rule modification to the second policy group includes: changing at least one data protection rule identified by the second policy group while the second policy group is assigned to the second storage object.
 9. A method as in claim 7 wherein making the corresponding data protection rule modification to the second policy group includes: changing at least one data protection rule identified by the second policy group to match the data protection rules identified by the second policy group with the data protection rules identified by the first policy group.
 10. A method as in claim 9 wherein the first data storage array is constructed and arranged to process block-based input/output (I/O) requests on behalf of a set of host computers; wherein the first storage object is a first logical unit of storage (LUN) that stores host data based on the block-based I/O requests; and wherein the second storage object is a second LUN that stores host data based on the block-based I/O requests, the second LUN being different from the first LUN.
 11. A method as in claim 9 wherein the first data storage array is constructed and arranged to process file-based input/output (I/O) requests on behalf of a set of host computers; wherein the first storage object is a first file system that stores host data based on the file-based I/O requests; and wherein the second storage object is a second file system that stores host data based on the file-based I/O requests, the second file system being different from the first file system.
 12. A method as in claim 2 wherein the first data storage array and the second data storage array replicate data from the first storage object to the second storage object in accordance with the first policy group during a first time period; and wherein the method further comprises: during a second time period that is after the first time period, detecting that the second storage object has become the replication source and that the first storage object has become the replication destination.
 13. A method as in claim 12, further comprising: during the second time period and in response to detecting that (i) the second storage object has become the replication source and (ii) the first storage object has become the replication destination, automatically applying the second policy group to the second storage object, the first data storage array and the second data storage array replicating data from the second storage object to the first storage object in response to applying the second policy group to the second storage object.
 14. A method as in claim 13 wherein the policy engine configures metadata privileges to allow a user to directly make a data protection rule modification to the first policy group; and wherein forming the second policy group includes: configuring the metadata privileges to prevent a user from directly making a data protection rule modification to the second policy group.
 15. A method as in claim 14, further comprising: during a third time period that is after the second time period, receiving a user command to modify data protection imposed on the second storage object, and based on the metadata privileges and the user command, (i) creating a third policy group that includes at least one data protection rule that is different from the multiple data protection rules identified by the second policy group, (ii) configuring the metadata privileges to allow a user to directly make a data protection rule modification to the third policy group, (iii) terminating application of the second policy group to the second storage object, and (iv) applying the third policy group to the second storage object in place of the second policy group.
 16. A method as in claim 2, further comprising: periodically performing an orphan policy group cleanup operation to delete orphan policy groups from one or more of the data storage arrays, the orphan policy group cleanup operation (i) identifying last update times for the first policy group and the second policy group and (ii) evaluating whether to delete the first policy group and the second policy group based on the last update times.
 17. A method as in claim 1 wherein the policy engine is external to the first data storage array and the second data storage array; and wherein generating the second set of data protection policies includes: forming, as the second set of data protection policies on the second data storage array and by the policy engine, a copy of the first set of data protection policies.
 18. A method as in claim 1 wherein at least a portion of the policy engine resides within one of the first data storage array and the second data storage array; and wherein generating the second set of data protection policies includes: forming, as the second set of data protection policies on the second data storage array and by the policy engine, a copy of the first set of data protection policies.
 19. Data storage equipment, comprising: memory; and control circuitry coupled to the memory, the memory storing instructions which, when carried out by the control circuitry, cause the control circuitry to: based on a first set of data protection policies on a first data storage array, generate a second set of data protection policies on a second data storage array to track the first set of data protection policies on the first data storage array, the first data storage array maintaining a first storage object, and the second data storage array maintaining a second storage object as a replica of the first storage object maintained by the first data storage array; detect assignment of the first set of data protection policies to the first storage object maintained by the first data storage array, the first data storage array providing data protection to the first storage object in accordance with the first set of data protection policies in response to the assignment of the first set of data protection policies to the first storage object; and in response to detecting the assignment of the first set of data protection policies to the first storage object maintained by the first data storage array, automatically assign the second set of data protection policies to the second storage object maintained by the second data storage array, the second data storage array providing data protection to the second storage object in accordance with the second set of data protection policies in response to the automatic assignment of the second set of data protection policies to the second storage object; wherein each data storage array of the first data storage array and the second data storage array is constructed and arranged to (i) apply a set of data protection policies to a storage object maintained by that data storage array when the set of data protection policies is assigned to that storage object and when that storage object is a replication source, and (ii) delay applying the set of data protection policies to that storage object maintained by that data storage array when the set of data protection policies is assigned to that storage object and when that storage object is a replication destination; wherein the first storage object initially is a replication source; wherein the first data storage array applies the first set of data protection policies to the first storage object in accordance with the first set of data protection policies in response to (i) assignment of the first set of data protection policies to the first storage object and (ii) the first storage object initially being a replication source; and wherein the second storage object initially is a replication destination, and wherein the control circuitry, when automatically assigning the second set of data protection policies to the second storage object maintained by the second data storage array, is constructed and arranged to: delay applying the second set of data protection policies to the second storage object maintained by the second data storage array in response to (i) assignment of the second set of data protection policies to the second storage object and (ii) the second storage object initially being a replication destination.
 20. A computer program product having a non-transitory computer readable medium which stores a set of instructions to provide data protection among data storage arrays; the set of instructions, when carried out by data storage equipment, causing the data storage equipment to perform a method of: based on a first set of data protection policies on a first data storage array, generating a second set of data protection policies on a second data storage array to track the first set of data protection policies on the first data storage array, the first data storage array maintaining a first storage object, and the second data storage array maintaining a second storage object as a replica of the first storage object maintained by the first data storage array; detecting assignment of the first set of data protection policies to the first storage object maintained by the first data storage array, the first data storage array providing data protection to the first storage object in accordance with the first set of data protection policies in response to the assignment of the first set of data protection policies to the first storage object; and in response to detecting the assignment of the first set of data protection policies to the first storage object maintained by the first data storage array, automatically assigning the second set of data protection policies to the second storage object maintained by the second data storage array, the second data storage array providing data protection to the second storage object in accordance with the second set of data protection policies in response to the automatic assignment of the second set of data protection policies to the second storage object; wherein each data storage array of the first data storage array and the second data storage array is constructed and arranged to (i) apply a set of data protection policies to a storage object maintained by that data storage array when the set of data protection policies is assigned to that storage object and when that storage object is a replication source, and (ii) delay applying the set of data protection policies to that storage object maintained by that data storage array when the set of data protection policies is assigned to that storage object and when that storage object is a replication destination; wherein the first storage object initially is a replication source; wherein the first data storage array applies the first set of data protection policies to the first storage object in accordance with the first set of data protection policies in response to (i) assignment of the first set of data protection policies to the first storage object and (ii) the first storage object initially being a replication source; and wherein the second storage object initially is a replication destination, and wherein automatically assigning the second set of data protection policies to the second storage object maintained by the second data storage array includes: delaying applying the second set of data protection policies to the second storage object maintained by the second data storage array in response to (i) assignment of the second set of data protection policies to the second storage object and (ii) the second storage object initially being a replication destination. 